}
public void testPermissions() throws Exception {
Session superuser2 = getHelper().getSuperuserSession();
try {
JackrabbitAccessControlManager acM = (JackrabbitAccessControlManager) acMgr;
JackrabbitAccessControlManager acM2 = (JackrabbitAccessControlManager) superuser2.getAccessControlManager();
Set<Principal> principals = Collections.singleton(testGroup.getPrincipal());
// --- test1 : add an ACE at path ----------------------------------
Privilege[] privs = privilegesFromName(Privilege.JCR_LOCK_MANAGEMENT);
modifyPrivileges(path, testGroup.getPrincipal(), privs, true);
assertTrue(acM.hasPrivileges(path, principals, privs));
assertTrue(acM2.hasPrivileges(path, principals, privs));
assertTrue(acM.hasPrivileges(childNPath, principals, privs));
assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
// --- test2: modify the policy at 'path' ------------------------------
modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_WRITE), true);
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_WRITE});
assertTrue(acM.hasPrivileges(path, principals, privs));
assertTrue(acM2.hasPrivileges(path, principals, privs));
assertTrue(acM.hasPrivileges(childNPath, principals, privs));
assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
// --- test3: add an policy at childNPath ------------------------------
modifyPrivileges(childNPath, testGroup.getPrincipal(),
privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), false);
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_WRITE});
assertTrue(acM.hasPrivileges(path, principals, privs));
assertTrue(acM2.hasPrivileges(path, principals, privs));
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_MODIFY_PROPERTIES,
Privilege.JCR_REMOVE_CHILD_NODES,
Privilege.JCR_REMOVE_NODE});
assertTrue(acM.hasPrivileges(childNPath, principals, privs));
assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
// --- test4: modify policy at childNPath --------------------------
modifyPrivileges(childNPath, testGroup.getPrincipal(),
privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), false);
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_WRITE});
assertTrue(acM.hasPrivileges(path, principals, privs));
assertTrue(acM2.hasPrivileges(path, principals, privs));
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_MODIFY_PROPERTIES,
Privilege.JCR_REMOVE_NODE});
assertTrue(acM.hasPrivileges(childNPath, principals, privs));
assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
// --- test4: remove policy at childNPath --------------------------
acMgr.removePolicy(childNPath, acMgr.getPolicies(childNPath)[0]);
superuser.save();
privs = privilegesFromNames(new String[] {
Privilege.JCR_LOCK_MANAGEMENT,
Privilege.JCR_WRITE});
assertTrue(acM.hasPrivileges(path, principals, privs));
assertTrue(acM2.hasPrivileges(path, principals, privs));
assertTrue(acM.hasPrivileges(childNPath, principals, privs));
assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
} finally {
superuser2.logout();
}
}